RAdmin revision history

Schema.pm type datetime now maps to bigint to work better with future dates.

Some Schema.pm varchars were made longer.

Simplified how timelocal and localtime handle two digit years.

Certain values that are received over RADIUS as integers are now strored as bigints because RADIUS integers are typically unsigned.

Added support for using environment variables with install.pl, installMysql.sh, installPostgresql.sh and installSQLite.sh. This allows automatic installation with no modifications to the distribution files.

Fixed a problem with radmin.js where message log HTML table view was accidentally cleared by radmin.js if the table had a log message containing either ‘[‘ or ‘]’ character.

Updated goodies: removed obsolete files and configuration samples that duplicate samples in Radiator’s goodies. The latest configuration samples, such as radmin.cfg, are now available in Radiator’s goodies.

Updated RADIUS attributes dictionary to be consistent with latest Radiator.

Added support for 2 new pages, 2 new tables and 2 new configuration parameters for supporting unusual requirements. The new RADCOMMANDAUDIT table can be used to record Tacacs commands executed by operators on Tacacs capable routers. The RADGROUPAUTH table can be used to store User Group/Device Group authorisation rules. At present, only listing of these tables is supported, not editing.

Logged in as’ line in the header now includes the hostname.

Improvements to install.pl and added installMysqlWindows.pl to support easy installation on Windows with XAMPP Perl Apache and Mysql (http://www.apachefriends.org/en/xampp-windows.html). Updated installation instructions for XAMPP on Windows.

Added optional tablenames arguments to -dump option in createdb.pl

Fixed a problem where changing password format to crypt could prevent admin login.

Minor changes to use Getopt::Long and prevent warnings from some versions of perl: ‘Legacy library newgetopt.pl will be removed from the Perl core distribution in the next major release…..’

Added new script that expires logging table by deleting records older than 90 days (by default).

Fixed a problem that prevented goodies/convert from running.

Date normalisation has been removed and instead logs an error if day or month numbers are out of range.

Fixed a problem that caused goodies/convertDict.pl to produce incorrect results if there are TLV type attributes in the dictionary. Created a new radattrs.dat from the latest Radiator dicitonary. TLV type attributes are not yet supported.

Updated radattrs.dat to include PoolHint from latest Radiator dictionary.

List Usage now shows Input and Output octets and their sum for the user.

Added support for OATH (HOTP and TOTP) tokens. QR code generation is supported for importing newly created tokens to devices. Added 1 new table RADOATH for OATH token data, 1 configuration option for enabling OATH support and 4 pages for managing OATH tokens.

SQL table column names are converted to upper case for DB migration. This provides more consisten behaviour between different DB vendors.

Updated user interface. For example, attribute names are now automatically completed when attributes are allocated for users or service profiles.

Changed the length of the RADADMINUSERS.PASS_WORD field to 50 in order to accommodate encrypted passwords.

The type of the Password field was corrected to be of type password, allowing it to be stored in encrypted format during user creation.

Added [Logout] link after logged in user name, which clears the admin cookie and require the user to log in again.

Revision 1.13 (2009-12-06)

Significant new features and some bug fixes

Fixed a problem where some relative date calculations could cause a crash in timelocal.

Fixed a problem with permission names in showDigipass.pl that would cause “Sorry, you do not have permission to do that (TOKEN_RESET_STATIC).” when trying to reset a Digipass static PIN. Reported by Peter Vos.

Fixed a problem where headings in table listings did not appears.

Fixed a problem where importing a Digipass with ‘Auto create users and allocate tokens’ enabled did not set Valid From and Valid To dates. Now they are set to the current time and 1 year hence.

Added support for Yubikey One-Time-Password tokens from Yubico (www.yubico.com). Tokens may be imported, allocated to users, deallocated, deleted etc. Support for static password can also be enabled. Sample configuration file goodies/radminYubikey.cfg shows how to configure Radiator to authenticate Yubikeys from the RAdmin database, with or without static passwords. Automatic initilisation of Yubikeys can be done with a single click if the Yubico Windows COM/ActiveX Personalization Library installed on the browser host.

Improved workflow for allocating tokens to users. Can now start with a token and then choose to allocate a user to that token.

Revision 1.12 (2009-02-24)

New features

Added support for internationalisation of the RAdmin GUI. The Accept-Language sent by the browser is examined for a matching localisation file in Radmin/Lang. Localisation file added for Chinese at Radmin/Lang/zh.strings. Other Localisation files can be added to the Radmin/Lang directory, following the sample Radmin/Lang/zh.stringsChines example. Translation defaults to English if no localisation file can be found for one of the Accept-Language strings sent by the browser.

Optional RAdmin internal authentication for administrative users added. If Authenticate Admin users? configuration option is enabled, RAdmin users will be required to log in to RAdmin. RAdmin will authenticate users against passwords in the Administrative User table. You can now choose whether RAdmin or your web server does administrative user authentication. Defaults to disabled for backwards compatibility.

Product editing form now exposes a ‘Product Group’ field (which already existed in the database as ‘SERVICENAME’). When subscriptions are enabled, the user editing page now makes products with the same Product Group name mutually exclusive. You can now enable at most ONE subscription Product with the same (non-empty) Product Name. You can still enable multiple products with an empty Product Group name for backwards compatibility.

The ACCTSESSIONID column in the RADONLINE table increased to 50 chars to be consistent with RADUSAGE table.

Revision 1.11 (2008-04-20)

New features and bug fixes)

Compatibility with Radiator 4.0

Migration instructions included in migration.html for easy upgrade from previous versions.

Added a number of new permissions to provide fine-grained control over digipass actions. Requested by Juozas Baliuka.

When importing Digipass tokens, now have the option to automatically create a user for each token and allocate the user to the token. The user name is derived from the token serial number with leading zeroes and hte applicaiton name removed. Good for creating large numbers of tokens and their users at the same time. Requested by Juozas Baliuka.

Added support for CSS style sheets. All pages now use a style sheet /Radmin/radmin.css which is installed automatically, and may be customised to suit your look and feel.

Added support for DBD::SQLite2. New install script installSQLite2.sh.

Added support for new option in uiDesc for objectLister. noSelect is a list of column names that should not be included in the select query. Requested by Elon Alonza Richards.

Improvements to Show Digipass Tokens details page to show additional details if Authen-Digipass 1.6 or later is available. Includes whether the token supports PINs, static passwords etc. Requested by Olivier MOULIN.

Added support for db_delete_hook, which is called just before each delete SQL query is run, with the SQL query passed as an argument

Fixed a problem where the “Unlock Token” action fails to find token if serial number contais spaces. Patch provided by Juozas.Baliuka.

Revision 1.10 (2004-10-13)

Some new features and bug fixes

Increased size of RADONLINE.NASPORTTYPE to 20 chars, since some wireless devices send a large string.

Increased size of RADUSAGE.ACCTSESSIONID to 50 chars, since some devices send a large string.

Improved installMysql.sh so that it works with MySQL 4.1 and later.

Fixed a problem with editRadminConfig.pl on newer versions of Oracle, which can result in an error like: DBD::Oracle::db do failed: ORA-01400: cannot insert NULL into (“RADMIN”.”RADMINCONFIG”.”USERNAME”), and the new Radmin Configuration would not be stored.

Fixed a problem with Microsoft SQL 2003, where it would not permit index columns to be NULL. Now all index columns are permitted to be NULL.

Fixed a bug in formatting serial numbers in listDigipass.pl.

Fixed a problem that prevented importing tokens with long application names, reported by Bosse Klykken. Also, when importing tokens, there is no need to specify the application name unless there is more than one application in the imported DPX file.

Improvements to Sybase install script to work better with Sybase ASE 12.5. Fixes problems with the default NULL/NOT NULL for columns. Increased the example size of database and log.

Fixed a problem with inserting rows with Sybase ASE 12.5.

Testing with Apache 2.0.54 on Windows XP and Server 2003. OK, but required the following fix:

install.pl now fixes the #! line at the top of all executables on Windows as well as Unix, since Apache on Windows may take notice of it. Also improved bogus error reporting on Server 2003 when installing Radmin *.pm files.

listUsage.pl sumUsage.pl modemUsage.pl scripts all now accept a new table_suffix parameter, which allows the caller to specify exactly which of several RADUSAGE tables to look in. Useful if your Radiator is configured to write to a different accounting table for each day, month or year. If table_suffix is one or more digits, then it will be appended to the RADUSAGE table name, separated by an underscore. So if table_usage is set to 200510, then the script will access the RADUSAGE_200510 table.

Revision 1.9 (2004-10-11)

Added Vasco Digipass support, some minor bug fixes

RAdmin is now ‘Vasco Ready’. Added support for importing, allocating and authenticating against Vasco Digipass tokens (http://www.vasco.com). This permits RAdmin and Radiator to be used with token-based authentication for greater security. Requires the Authen-Digipass module, supplied with Radiator 3.10 or later. Also provides Unlock, reset and other actions on Digipass tokens. Caution: see doc/migration.html for upgrade details.

Improvements to goodies/expire. Now takes a -w flag that will issue an expiry warning message n days prior to expiry.

Removed TIME_STAMP from Sum Usage page. It did not make sense and broke summaries in Postgresql.

Fixed a problem with editRadminConfig.pl on Postgresql where a field that was too long would cause the update to fail. Reported by Diana Eichert.

Added simple account state menu, which can be enabled by uncommenting the STATE line in editUser.pl

Improvements to cache controls to prevent browser caching of pages.

Session-Timout is now forced to be a string type, so you can set ‘until Time’ if you wish.

Revision 1.8 (2004-02-11)

Minor bug fixes

Fixed a problem with editing Radius attritbues on some databses. The radius check and reply items would be doubled.

Fixed createdb.pl file importer to be more tolerant of unusual line endings.

Default Simultaneous Logins and Default Time Left did not appear on the Edit RAdmin Configuration due to an error in basicdb.dat. Reported by glenn_pierce.

PoolHint was inadvertently left out of the standard Radius reply attributes.

Proposed passwords are now vetted by Radmin::Util::validatePassword. Which can be overridden by your Site.pm to implement local password rules. Example code in Site.pm

listUsage.pl and listOnline.pl now show the Called-Station field.

Fixed a syntax with the SQL query for ordering of summed columns in sumUsage.pl with MySQL.

createdb.pl did not honour the -dbsource, -dbusername adn -dbauth command line arguments.

Fixed a problem where setting Hide Passwords using editRadminConfig.pl would not necessarily hide passwords.

Repaired a problem where createdb.pl would try to load SQL configuration, even before there was no SQL database.

Revision 1.7 (2002-11-19)

New features, some fixes

RAdmin configuration is now configurable from SQL for improved local customisation support.

RAdmin now logs all database actions (update, insert, delete) to the RADMESSAGES table as an Audit Trail, alnong with details of who did it and what database object was affected.

Added support for Radius proxying. You can now use RAdmin to manage a list of realms to be proxied and the primary and secondary hosts to send them to.

Added support for Indirect Radius proxying. You can now use RAdmin to manage a set of indirect attribute values (such as Called-Station-Id) that all get proxied to the same proxy realm.

Radius attributes did not correctly handle tagged integer and string types such as Tunnel-Type. New radattrs.dat and goodies/convertDict.pl

Authentication of RAdmin administrative users in CGIUtil was broken.

Fixed typos in the names of SERVICE_V and USERUSAGE_V in the RADPERMISSIONS table incorrectly set in basicdb.dat. Reported by Stephan Schönberger.

Added optional support for managing multiple subscription-based products with optional htpasswd style password file support. Can be used to manage access to selected web pages with the same username and password as Radius. Can also be used to manage multiple distinct radius authenticated products. Automatic emails and expirys are supported. Enable it by setting $Radmin::config{Subscriptions} to 1 in Site.pm.

The profile permissions sytem was changed and enhanced. Previously there was a fixed set of permissions, with an int in the RADADMINPROFILE table for each permission. This has been enhanced so there is an entry in RADPERMISSIONS for each possible permission, and an entry in RADPROFILEPERMISSIONS for each permission that a RADADMINPROFILE has been granted. New types of permission can now be added more easily. CAUTION: there may be a migration issue for existing installations of RAdmin 1.5. See the installation documentation for more information.

New database data type bigint added to cater for Radius attributes larger than a signed 4 byte int.

Added support for a validateDelete hook in both editors and listers. Also added postAdd and postUpdate hooks for editors.

Can now use the relative time ‘forever’ to mean ‘until the end of time’.

In string searches, if the search string already has a % in it, it is used verbatim as the wildcard search, else it searches for anything containing the string. eg ‘b%’ will match anything starting with b, but just ‘b’ will match anything containing the letter b.

Default date format changed to yyyy-mm-dd, in the interests of internationalisation. You can still configure for dd/mm/yyyy or mm/dd/yyyy in Site.pl.

convertDict.pl moved to goodies directory.

listMessages page now has a proper menu for selecting the message type.

Can now optionally store passwords in database as Unix crypt or OSC Rcrypt (reversible encryption format), depending on setting of PasswordFormat in Site.pm. Honoured by editUser and by changePassword.

Changes to modemUsage.pl to prescale byte counts and times, else some databases get arithmetic overflows when summing large numbers.

Added new type ‘exact-text’ for search pages that does an exact match instead of ‘like’.

Added public version of listUsage.pl to cgi-bin/public, allowing authenticated users to access (only) their own usage.

Added RADPOOL table to Schema.pm to make use with Radiator address pools easier.

Some minor changes to look and feel contributed by Mal Beaton.

Example db_pre_insert_hook and db_pre_update_hook in Site.pm showing how to automatically Unix encrypt passwords before insertion or update in the database.

Display of negative time intervals improved.

Length of the PASS_WORD column increased to 50, to accomodate Rcrypt passwords etc.

Can now optionally mask existing passwords by setting HidePasswords in Site.pm.

Fixed a number of problems with user names with embedded spaces of HTML characters.

Included Radiator authentication module goodies/AuthRADMIN.pm, suitable for use with Radiators prior to version 2.19.

Added documentaion for Service Profiles, Edit RADIUS and Radius Clients.

install.pl on UNix now has default web server paths to suit a standard Linux distribution.

Revision 1.4 (30/5/00)

Preparation for improved integration with Services. The next release of RAdmin will implement Services and Service-Specific reply attributes. Some RAdmin systems will require minor Radiator config changes at that time.

Added complete user permissions system, which allows you to apply fine-grained access permissions, based on Permission Profiles for each user. You also can distinguish between ‘anonymous’ users (who are not required to authenticate themselves with web server) and staff users (who are required to authenticate themselves with web server).

Modified createdb.pl to allow database rows to be loaded from a flat file, and to dump to a flat file.

Can now use formats like 1:2:3, 1h2m3s etc to specify Time Left intervals

The public/changePassword.pl script had a typo that prevented passwords being changed.

The install script install.pl now adjusts the umask since restrictive umasks on new directories breaks the installation.

Improved ability of installMysql to install onto a remote SQL server, by setting the host variable

goodies/convert can now also read a unix /etc/passwd style file to create usernames, passwords and full name. Convert also sets the ADDEDDATE on new entries now, and can optionally set the validfrom and validto dates using any of the supported date/time formats. It also sets BADLOGINS to 0 and MAXLOGINS to the site specific default for Simultaneous Logins (see below).

Added a site specific default for Simultaneous Logins, suggested by Daniel Senie. Thanks Daniel. Also added defaults for a number of other Add User fields.

Added new date format YYYYMMDD, also the default time of day changed to midnight at the beginning of the day

Added documentation for goodies/convert.

Dates now honour formats like “2 hours ago” and “6 minutes ago”

Fixed a problem with escapeHTML in recent versions of CGI.pm that would result in blank editing fields.

New APIs for loading and dumping databases.

New type of UI API field: fkmenu, which shows a list of primary keys in a foriegn table.

There is now a ‘database’ tag that is carried around from form to form. It can be used to select the database to connect to and therefore to implement multiple distinct administrative systems via the one set of web pages. Suggested by Daniel Senie. Thanks Daniel.

Blank text fields are now stored as NULL.

Changes the name of some columns in currently unused tables from VALUE to IVALUE, due to reserved words in some databases like mSQL.

Improved interface for intercepting database inserts and updates using a new hook mechanism.

Testing with mSQL. There are some problems with some of the modem and usage summaries, due to unsupported SQL features in mSQL, but the main features work. Not recommended.

Who you are logged in as (for permission profile purposes) is shown at the top of each page. Suggested by Jay West.

The default behaviour of all list pages has now been changed so that the initial appearance of the page does not show the list. You need to press the Search button first. This is intended to improve usability when there are large user populations. If you want a list page to do the search when it forst appears, add _action=Search to the hotlink. Suggested by Jay West.

Default radmin.cfg now uses ClientListSQL, and the Client list and editing links appear on the tool bar. Suggested by Jay West.

Added ability to delete from the Message Log list page.

Revision 1.3 (4/8/99)

Added support for ClientListSQL: listClients.pl, editClient.pl and added RADCLIENTLIST table to Schema. Use of this is optional.

Fixed some problems with creating databases on recent versions of mysql. Indexes needed NOT NULL, and index creation permission was missing.

Fixed some typos in listOnline.pl

Added configurable formatting for time intervals and data volumes for easier reading.